Microsoft

Microsoft Endpoint Configuration Manager Feedback

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.

Please do not use UserVoice to report product bugs or for assisted support.
If you believe you have found a product bug, please send us a bug report through the Configuration Manager Console (1806 and newer). To do this, press the 🙂 button in the top right corner and choose “Send a Frown”. For more details, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help.

If you require assisted support, please see https://aka.ms/cmcbsupport for more details.

Standard Disclaimer – our lawyers made us put this here ;-)
We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Microsoft Endpoint Configuration Manager feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Configuration Manager. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  1. limited periodic scanning

    We use a "next gen" AV program, but we want to leverage Windows Defender to do "limited periodic scanning". The setup is supported by Defender and/or AV client, but there does not seem to be an option to enable the feature via SCCM EPP management. I'd like to be able to force this to be toggled on.

    7 votes
    2 comments  ·  Endpoint Protection
  2. Add "source IP" field in SCEP alert to indicate malware infection source for worms

    I suggest adding the “source IP” field to indicate where worm-like malware comes from, especially for the ransomware WannaCrypt.

    We know that WannaCrypt exploits a vulnerability in SMBv1 to spread as a worm, so in such scenarios, if the detection alert could have an attribute showing which source computer exploits the vulnerability and drops the malware payload, that would be a great help to customers locating the source computer. This applies to other worms.

    Expected detection from 3rd party AM product

    === Event Details ===
    Event ID: 147613895128
    Start Time: 21 Sep 2017 10:25:47 CST
    End Time: 21 Sep 2017 10:25:47…

    7 votes
    0 comments  ·  Endpoint Protection
  3. Please Fix SCEP reports

    Hi all,

    I found two strange things in the 'Antimalware overall status and history' SCEP report.

    The first (Overall Endpoint Protection status and history part):
    (q1a.png, q1b.png, q1c.png included)
    The problem is that when the daily data goes to the historical table the ‘inactive’ and the ‘not installed’ counters will be the same. For instance, if I have 50 inactive clients they will be represented with 50 ‘not installed’ too. Our customer was nervous about this statistic, because no machine can go into the production network without SCEP, but they see lots of ‘not installed’ in

    7 votes
    2 comments  ·  Endpoint Protection
  4. 7 votes
    0 comments  ·  Endpoint Protection
  5. Adding a file hash to Windows Defender detection alerts

    Adding a file hash of detected or suspected malware so that further research can be done using VirusTotal and similar resources.
    As it is now, the threat information provided by Microsoft has very little detail, and restoring files from quarantine to analyze them isn't ideal either.

    7 votes
    1 comment  ·  Endpoint Protection
  6. Please include the option to include MONTHLY FULL scans on systems.

    Currently we do not have the option to configure monthly full virus scans on our servers. Daily quick or full scans on hundreds of servers is not a very optimal solution.

    6 votes
    0 comments  ·  Endpoint Protection
  7. Support for uninstall password for 3rd party enterprise antivirus.

    Support for uninstall password for 3rd party enterprise antivirus.
    Symantec especially, but the more support the better.
    This would help tremendously with migrations to Endpoint Protection.

    6 votes
    0 comments  ·  Endpoint Protection
  8. Include Data Recovery Agent (DRA) control in SCCM Bitlocker Management feature

    Integration of the DRA feature directly in the SCCM Bitlocker Management feature to have all of the Bitlocker controls centralized in one central point (no need for an extra GPO)

    6 votes
    0 comments  ·  Endpoint Protection
  9. SCEP/Endpoint Allow Custom Threat List

    SCEP/Endpoint Protection should allow admins to add custom file names, folders, or extensions as a threat. This would be very helpful in zero-day vulnerabilities.

    6 votes
    0 comments  ·  Endpoint Protection
  10. Windows Defender Application Control - Specify Base Policy when creating Policies

    When SCCM is applying the policy it creates 2 XMLs in C:\windows\CCM\DeviceGuard and uses a Windows template in C:\Windows\Schemas\Codeintegrity\ExamplePolicies

    This means that rules already applied are not replicated when SCCM overwrites the current sipolicy.p7b (tested with before and after - some publisher rules were missing)

    My suggestion is to allow users to specify an additional xml to be merged with the 3 aforementioned xml files essentially allowing for custom rules to be replicated in the policy.

    6 votes
    0 comments  ·  Endpoint Protection
  11. 6 votes
    0 comments  ·  Endpoint Protection
  12. Disable 'Scan Now' for Users

    I would like to have a possibility to disable the 'Scan Now' button (System Center Endpoint Protection) for example on RDS environments.
    I would like to prevent multiple users from starting a Full Scan during office hours.
    Using System Center 2012 R2 Configuration Manager or by GPO.

    5 votes
    0 comments  ·  Endpoint Protection
  13. Add the possibility to configure a Quick/Full Scan if the client is infected.

    Some malware reproduces itself in various files.
    For us a Quick/Full Scan if the Client is infected would be great.

    Option:
    If the Client was infected within "X" Hours/Days, run a "Quick/Full" Scan and create a report

    5 votes
    0 comments  ·  Endpoint Protection
  14. Add a view for Resultant Set of Policy for Anti-Malware, in a similar fashion to that for Client Settings

    Add a view for Resultant Set of Policy for Anti-Malware, in a similar fashion to that for Client Settings in the Devices / Device Collections node.

    5 votes
    2 comments  ·  Endpoint Protection
  15. password protect client uninstall

    Would like to see the option to password protect/prevent client uninstall when the client is used for endpoint protection. This goes with another suggestion of having the client block removable media read and/or write.

    5 votes
    0 comments  ·  Endpoint Protection
  16. EMET deployment and reporting in SCCM as Endpoint Protection is done

    Get EMET in SCCM 2016 so that it can be deployed, managed and reported on

    5 votes
    0 comments  ·  Endpoint Protection
  17. delete from quarantine

    To remove malware from clients I have to log into each client, go into the history and delete the infection from there? I'm really surprised I cannot do this from the SCCM console.

    5 votes
    0 comments  ·  Endpoint Protection
  18. SCEP: Have option to choose to scan at risk infectable files versus all files

    Almost every AV product I have ever worked with gives the administrator/user a configuration choice to scan All Files or just "at risk" or "common" file types (real-time or scheduled scan). McAfee and Symantec products for example clearly have this option. I have found using that configuration simplifies configuration and reduces the likelihood of problems with performance or breaking other applications. For example if a vendor says "don't scan our X folder with AV" that problem is usually a non-issue if those file types in folder X are not in the list of "common" programs or "common" data file types.

    4 votes
    0 comments  ·  Endpoint Protection
  19. block read and/or write of removable media (USB, CD, etc.)

    We would like to see the ConfigMgr client endpoint protection aspect be able to block read and/or write access to removable media and, if need be, admins able to bypass with a password. This is one aspect of 3rd party endpoint protection software that prevents companies from switching to ConfigMgr for endpoint protection.

    4 votes
    0 comments  ·  Endpoint Protection
  20. Malware Detail buttons that link to useful information

    A Malware Detail button that actually links to actionable/useful information. The existing malware detail buttons link to pretty much blank malware detail pages on MS documentation sites. They are not useful. If you can't do the analysis, can you provide links to actual CVEs or other trusted sources?

    4 votes
    0 comments  ·  Endpoint Protection